author | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-19 23:12:12 +0000 |
---|---|---|
committer | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-19 23:12:12 +0000 |
commit | 6f9ebd9f3a6e14139a3e28d9bd415cc250e644d5 (patch) | |
tree | 2846cbd1efffada03ae9f87cc5df46caf1c78e07 /net/third_party | |
parent | d2586b55a1e253f23d91517e0d757bacb7223435 (diff) | |
Give keys friendly names in NSS and OS X
This will make browsing them easier in Keychain Access and certutil.
It also gives them a more useful name in Keychain permission dialogs.
The friendly name is currently just the hostname which requested
the key. It would be nice to have some surrounding text with
localization, but this works for now.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/2806045
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56774 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/mozilla_security_manager/nsKeygenHandler.cpp | 17 | ||||
-rw-r--r-- | net/third_party/mozilla_security_manager/nsKeygenHandler.h | 4 |
2 files changed, 20 insertions, 1 deletions
diff --git a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
index ffef66d..99d5206 100644
--- a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
+++ b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
@@ -48,9 +48,11 @@
 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo()
 #include "base/base64.h"
+#include "base/logging.h"
 #include "base/nss_util_internal.h"
 #include "base/nss_util.h"
-#include "base/logging.h"
+#include "base/string_util.h"
+#include "googleurl/src/gurl.h"
 namespace {
@@ -94,6 +96,7 @@ namespace mozilla_security_manager {
 // in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp.
 std::string GenKeyAndSignChallenge(int key_size_in_bits,
 const std::string& challenge,
+ const GURL& url,
 bool stores_key) {
 // Key pair generation mechanism - only RSA is supported at present.
 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h
@@ -171,6 +174,18 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits,
 goto failure;
 }
+ // Set friendly names for the keys.
+ if (url.has_host()) {
+ // TODO(davidben): Use something like "Key generated for
+ // example.com", but localize it.
+ const std::string& label = url.host();
+ {
+ base::AutoNSSWriteLock lock;
+ PK11_SetPublicKeyNickname(publicKey, label.c_str());
+ PK11_SetPrivateKeyNickname(privateKey, label.c_str());
+ }
+ }
+
 // The CA expects the signed public key in a specific format
 // Let's create that now.
diff --git a/net/third_party/mozilla_security_manager/nsKeygenHandler.h b/net/third_party/mozilla_security_manager/nsKeygenHandler.h
index 75703bb..ae1f5a3 100644
--- a/net/third_party/mozilla_security_manager/nsKeygenHandler.h
+++ b/net/third_party/mozilla_security_manager/nsKeygenHandler.h
@@ -42,6 +42,8 @@
 #include <string>
+class GURL;
+
 namespace mozilla_security_manager {
 #define DEFAULT_RSA_KEYGEN_PE 65537L
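Review bot: The results of `PK11_SetPublicKeyNickname` and `PK11_SetPrivateKeyNickname` in the third nsKeygenHandler.cpp hunk (the block added at new line 177) are discarded, so a key that silently ends up unnamed cannot be told apart from one that was labelled. Both calls return a SECStatus and `base/logging.h` is already included, so a failure can at least be logged, e.g. `if (PK11_SetPrivateKeyNickname(privateKey, label.c_str()) != SECSuccess) LOG(WARNING) << "Could not set private key nickname";`. The label is the host of the requesting URL, which the page controls, and the commit message says it appears in Keychain permission dialogs; a comment such as `// label comes from the requesting page and is not an authenticated identity` would keep later code from treating it as one. As far as the hunk shows, the block runs regardless of stores_key, and the rest of GenKeyAndSignChallenge lies outside the hunk.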
@@ -52,9 +54,11 @@ namespace mozilla_security_manager {
 // Parameters:
 // key_size_in_bits: key size in bits (usually 2048)
 // challenge: challenge string sent by server
+// url: the URL which requested the SPKAC
 // stores_key: should the generated key pair be stored persistently?
 std::string GenKeyAndSignChallenge(int key_size_in_bits,
 const std::string& challenge,
+ const GURL& url,
 bool stores_key);
 } // namespace mozilla_security_manager |
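Review bot: The new parameter comment `// url: the URL which requested the SPKAC` does not say what the function does with the value. Going by the nsKeygenHandler.cpp hunk in this commit, only the host is used, as the friendly name of both keys, and no name is set when the URL has no host. Something like `// url: URL of the page that requested the SPKAC; its host, if any, becomes the keys' friendly name` would tell callers that this value is written to the key store and shown in Keychain dialogs.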